From 527ba5cf580cb4cf1097b1a642181e2ffdf52303 Mon Sep 17 00:00:00 2001 From: Josh Knapp Date: Mon, 14 Oct 2024 19:30:51 -0700 Subject: [PATCH] Adding better backups and log rotation, and updating files around it --- README.md | 5 +++-- configs/vhost-template.tpl | 36 ++++++++++++++++++++++++++++++++++++ local-dev.sh | 3 ++- scripts/create-vhost.sh | 6 ++++++ scripts/entrypoint.sh | 22 +++++++++++++--------- scripts/log-rotate.sh | 2 +- scripts/mysql-backup.sh | 5 +++-- 7 files changed, 64 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 40fe129..21148fd 100644 --- a/README.md +++ b/README.md @@ -15,8 +15,9 @@ __You can then run a development version of the server by running the following ```console mkdir -p local-development/domain.tld cd local-development/domain.tld -mkdir {user,logs} -docker run -d -it -p 80:80 -p 443:443 -e PHPVER=81 -e environment=DEV --mount type=bind,source="$(pwd)"/user,target=/home/myuser -v"$name-mysql":/var/lib/mysql -e uid=30001 -e user=myuser -e domain=domain.tld -e serveralias=www.domain.tld --name local-dev repo.anhonesthost.net/cloud-hosting-platform/cac:latest +mkdir user +mkdir -p user/logs/{apache,system} +docker run -d -it -p 80:80 -p 443:443 -e PHPVER=81 -e environment=DEV --mount type=bind,source="$(pwd)"/user,target=/home/myuser --mount type=bind,source="$(pwd)"/user/logs/apache,target=/etc/httpd/logs --mount type=bind,source="$(pwd)"/user/logs/system,target=/var/log -v"$name-mysql":/var/lib/mysql -e uid=30001 -e user=myuser -e domain=domain.tld -e serveralias=www.domain.tld --name local-dev repo.anhonesthost.net/cloud-hosting-platform/cac:latest ``` *This will start the processes needed to run sites locally.* diff --git a/configs/vhost-template.tpl b/configs/vhost-template.tpl index 64fbad1..9a5489a 100644 --- a/configs/vhost-template.tpl +++ b/configs/vhost-template.tpl 
@@ -40,6 +40,42 @@ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] +# +# When we also provide SSL we have to listen to the +# standard HTTPS port in addition. +# +Listen 443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin + + + ServerName "~~domain~~" diff --git a/local-dev.sh b/local-dev.sh index 2677e87..c49db47 100755 --- a/local-dev.sh +++ b/local-dev.sh 
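Review bot: `Listen 443 https` and the global SSL directives (`SSLPassPhraseDialog`, `SSLSessionCache`, `SSLSessionCacheTimeout`, `SSLCryptoDevice`) are server-wide settings, yet this hunk puts them in a per-domain vhost template, and the same five directives are added to the heredoc in scripts/create-vhost.sh. They only load cleanly because entrypoint.sh renames the stock ssl.conf; if that file is still present, or a second vhost is ever generated from the template, httpd gets two `Listen` directives for the same port and fails to bind. Moving them into a single server-level conf file that is written once would remove that coupling. The hunk does not show whether the vhost block that follows sets `SSLProtocol` and `SSLCipherSuite`; as this appears to become the only SSL configuration httpd loads, that policy should be stated explicitly rather than left to defaults.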
@@ -46,9 +46,10 @@ user=$(whoami) uid=$(id -u) if [ ! -d "$root_path/user" ]; then mkdir -p "$root_path/user"; + mkdir -p "$root_path/user/logs/{apache,system}"; fi $check_docker volume create "$name-mysql" -$check_docker run --pull=always -d -p "$http_port":80 -p "$https_port":443 -e PHPVER=$phpver -e environment=DEV --mount type=bind,source="$root_path"/user,target=/home/"$user" -v"$name-mysql":/var/lib/mysql -e uid="$uid" -e user="$user" -e domain="$name-local.dev" --name "$name" repo.anhonesthost.net/cloud-hosting-platform/cac:latest +$check_docker run --pull=always -d -p "$http_port":80 -p "$https_port":443 -e PHPVER=$phpver -e environment=DEV --mount type=bind,source="$root_path"/user,target=/home/"$user" --mount type=bind,source="$(pwd)"/user/logs/apache,target=/etc/httpd/logs --mount type=bind,source="$(pwd)"/user/logs/system,target=/var/log -v"$name-mysql":/var/lib/mysql -e uid="$uid" -e user="$user" -e domain="$name-local.dev" --name "$name" repo.anhonesthost.net/cloud-hosting-platform/cac:latest echo "Creating management scripts in root directory..." echo "#!/usr/bin/env bash" > "$root_path/instance_start" echo "docker start $name" >> "$root_path/instance_start" diff --git a/scripts/create-vhost.sh b/scripts/create-vhost.sh index ee32023..8468071 100644 --- a/scripts/create-vhost.sh +++ b/scripts/create-vhost.sh @@ -34,6 +34,12 @@ cat < /etc/httpd/conf.d/$domain.conf RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] +Listen 443 https +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 +SSLCryptoDevice builtin + ServerName "$domain" diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index b9e2a41..b1b3cbb 100644 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh 
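Review bot: Brace expansion does not happen inside double quotes, so the added `mkdir -p "$root_path/user/logs/{apache,system}";` creates one directory literally named `{apache,system}` and leaves `logs/apache` and `logs/system` missing. The line also sits inside the `if [ ! -d "$root_path/user" ]` guard, so an existing `user` directory skips it entirely, and `--mount type=bind` refuses to start the container when its source path does not exist. The two new mounts use `"$(pwd)"/user/logs/...` while the existing one uses `"$root_path"/user`, which differ whenever the script is not run from `$root_path`. Suggested: `mkdir -p "$root_path"/user/logs/{apache,system}` placed after the guard, with `source="$root_path"/user/logs/apache` and `source="$root_path"/user/logs/system` in the run line.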
@@ -7,26 +7,30 @@ fi adduser -u $uid $user mkdir -p /home/$user/public_html -mkdir -p /home/$user/logs -mkdir -p /home/$user/logs/{apache,system} +mkdir -p /home/$user/logs/{apache,php-fpm} -chown -R $user:$user /home/$user -chmod -R 755 /home/$user +mv /var/log/httpd /var/log/httpd.bak + +ln -s /home/$user/logs/apache /var/log/httpd +ln -s /home/$user/logs/php-fpm /var/log/php-fpm /scripts/install-php$PHPVER.sh /scripts/create-vhost.sh /scripts/create-php-config.sh -ln -s /etc/httpd/logs /home/$user/logs/apache -ln -s /var/log /home/$user/logs/system +if [ -f /etc/httpd/conf.d/ssl.conf ]; then + mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak +fi /usr/sbin/httpd -k start /usr/sbin/php-fpm -y /etc/php-fpm.conf +chown -R $user:$user /home/$user +chmod -R 755 /home/$user if [[ $environment == 'DEV' ]]; then echo "Starting Dev Deployment" - mkdir -p /home/$user/public_html/_db_backups + mkdir -p /home/$user/_db_backups dnf install -y MariaDB-server MariaDB-client memcached nohup mysqld -umysql & if [ ! -f /home/$user/mysql_creds ]; then @@ -39,7 +43,7 @@ if [[ $environment == 'DEV' ]]; then mysql -e "CREATE USER '"$mysql_user"'@'localhost' IDENTIFIED BY '"$mysql_password"';" mysql -e "GRANT ALL PRIVILEGES ON *.* TO '"$mysql_user"'@'localhost' WITH GRANT OPTION;" mysql -e "FLUSH PRIVILEGES;" - echo "*/15 * * * * root /scripts/mysql-backup.sh $user $mysql_db" >> /etc/crontab + echo "*/15 * * * * root /scripts/mysql-backup.sh $user devdb_$mysql_db" >> /etc/crontab echo "MySQL User: "$mysql_user > /home/$user/mysql_creds echo "MySQL Password: "$mysql_password >> /home/$user/mysql_creds echo "MySQL Database: devdb_"$mysql_db >> /home/$user/mysql_creds @@ -54,7 +58,7 @@ if [[ $environment == 'PROD' ]]; then sed -r -i 's/;session.save_path="localhost:11211/session.save_path="memcache:11211/' /etc/php.d/50-memcached.ini fi /usr/sbin/crond -tail -f /etc/httpd/logs/* +tail -f /var/log/httpd/* exit 0 
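Review bot: httpd is started as root while `/var/log/httpd` is a symlink into `/home/$user/logs/apache`, and the `chown -R $user:$user /home/$user` that now runs after `/usr/sbin/httpd -k start` hands that directory and the log files just created in it to the unprivileged site user. Apache's own security guidance is that log directories, and their parent directories, should be writable only by the user that starts the server, since write access there can be leveraged to that user's privileges; scripts/log-rotate.sh, whose `LOG_DIR` now points at the same path, inherits the same exposure if it runs as root. Prefer keeping the real directories under `/var/log` and exposing them to the user read-only, which is the direction the removed `ln -s /etc/httpd/logs /home/$user/logs/apache` used. Separately, `mv /var/log/httpd /var/log/httpd.bak` and the two `ln -s` lines are not idempotent: on a container restart they act on the symlinks left by the previous run, so a guard such as `[ -L /var/log/httpd ] ||` in front of them would help.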
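Review bot: The glob in `tail -f /var/log/httpd/*` is expanded once when the line runs, and this command is the only thing keeping the script from reaching `exit 0`. Log files that appear later are not followed, and files renamed by rotation keep being followed under their old descriptor (the body of log-rotate.sh is not visible here, so how it rotates is an assumption). If the directory is empty at that moment, tail fails on the literal `*` and the container exits. `tail -F /var/log/httpd/*` follows by name and retries, which covers the rotation case.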
diff --git a/scripts/log-rotate.sh b/scripts/log-rotate.sh index 03aa61d..b8c0570 100644 --- a/scripts/log-rotate.sh +++ b/scripts/log-rotate.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # Set the log directory -LOG_DIR="/etc/httpd/logs" +LOG_DIR="/var/log/httpd" # Get current date DATE=$(date +%Y%m%d) diff --git a/scripts/mysql-backup.sh b/scripts/mysql-backup.sh index f7ef97b..08921c9 100644 --- a/scripts/mysql-backup.sh +++ b/scripts/mysql-backup.sh @@ -7,7 +7,8 @@ if [ ! -d /home/$user/_db_backups ]; then mkdir -p /home/$user/_db_backups fi -/usr/bin/mysqldump $mysql_db > /home/$user/_db_backups/$mysql_db.$dt.sql" -/usr/bin/find /home/$user/_db_backups/ -type f -mmin +360 -delete" +/usr/bin/mysqldump $mysql_db > /home/$user/_db_backups/$mysql_db.$dt.sql +chown -R $user:$user /home/$user/_db_backups +/usr/bin/find /home/$user/_db_backups/ -type f -mmin +360 -delete exit 0 \ No newline at end of file
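Review bot: The exit status of `mysqldump` is never checked, so when a dump fails the redirection still leaves an empty or truncated `.sql` file and the `find ... -mmin +360 -delete` line keeps pruning; after six hours of failures no usable backup remains. `$user` and `$mysql_db` are also expanded unquoted in paths that this job (registered in /etc/crontab as root by entrypoint.sh) writes, chowns and deletes under, so an empty or space-containing value changes which paths are touched. Dump to a temporary name, rename and prune only on success, and quote the expansions, as sketched below. The assignments of `user`, `mysql_db` and `dt` are above the hunk and are assumed unchanged.

```shell
backup_dir="/home/$user/_db_backups"
backup_file="$backup_dir/$mysql_db.$dt.sql"
# … unchanged: backup directory creation …
if /usr/bin/mysqldump "$mysql_db" > "$backup_file.tmp"; then
  mv -- "$backup_file.tmp" "$backup_file"
  chown -R "$user:$user" "$backup_dir"
  # Prune only after a successful dump so a failing job cannot age out the last good backup.
  /usr/bin/find "$backup_dir" -type f -mmin +360 -delete
else
  rm -f -- "$backup_file.tmp"
  exit 1
fi
```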